Dark Slayer Mutation Engine
Version 1.0 <09-28-93>
Written by Dark Slayer
English document by Dark Striker
Who should use DSME?
^^^^^^^^^^^^^^^^^^^^
If you are a virus-writing beginner, you shouldn't use DSME.
DSME is just for those who are experienced in virus writing.
How about the Licence?
^^^^^^^^^^^^^^^^^^^^^^
This is a LEGAL agreement between YOU and DARK SLAYER.
You may:
1. Use DSME in your virus writing.
2. Freely copy DSME to those who need DSME to produce viruses.
You may not:
1. Use DSME in writing other programs.
2. Modify or disassemble DSME.
   All rights in this part are reserved by DARK SLAYER.
3. Sell DSME to others.
How powerful is the DSME?
^^^^^^^^^^^^^^^^^^^^^^^^^
The DSME is a module that can be included in your viruses to
make them able to produce polymorphic viruses.
I am preparing for the senior college admission test in 1994, so
I wrote DSME in no time. Thus, its polymorphic effects might
not be very powerful. Guys, I won't let you down... after my test,
I'll make it more powerful. Perhaps in the next version, DSME will
have both polymorphic and hidden features.
Who wrote DSME?
^^^^^^^^^^^^^^^
First, it's my honor to let you know that DSME is made by a
TAIWANESE who lives in Taiwan, Keelung, Republic Of China. (Not
the Mainland China!!!)
I, Dark Slayer, am a high school student (17 years old). My goal is
to build a group which can be the 5th virus group in the world.
(Maybe you will be one of DARK SLAYER's members after you see
this document.) My mission is to let those who write antivirus
programs make their programs better. To follow this rule, my viruses
won't be destructive.
How can I get the newest DSME version?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Well, about this question, we have a plan to set up a BBS in Taipei
at the beginning of Nov, 1993.
You can get DSME from Nowhere Man of [Nuke] for now.
BTW, if you have any suggestions about DSME, please drop me a line
in the NukeBeta MSG area of [Nuke].
How can I use it?
^^^^^^^^^^^^^^^^^
The DSME module can be used under Microsoft Assembler. It may not be
usable under TASM or other assemblers.
DSME offers you a subroutine (DSME) and a pointer to the program
end (DSME_END). You will need DSME_END when you need to get the
program length.
In order to use DSME in your virus, you must include the following
in your source code:

        VIR_LEN EQU     OFFSET DSME_END
                                ; This gives you the length of the virus
        EXTRN   DSME:NEAR,DSME_END:NEAR

You can include the following when you want to encrypt your
code:

        CALL    DSME

Input parameters of the crypt routine:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ES => Work segment (decryptor + encrypted code, starting at ES:0)
        DSME's decryptor code will not exceed 512 bytes.
        All you have to do is reserve enough memory (your virus
        length + DSME length + 512 bytes).
        You should take note of this if your virus is resident in memory.
DS:DX => Address of the code to encrypt
        This must point to the code you want to encrypt.
CX = Length of code to encrypt
        You can use 'OFFSET DSME_END' to get the whole length.
BP = Offset where the decryption routine will be executed
        The decryption routine's offset depends on which kind of
        file you want to infect. (For example, Friday infects COM
        files, so you should set BP to 0100h.)
BL = Decryptor addressing mode
        BL = 0  Don't care about the addressing mode. (Used to infect
                COM files)
        BL = 1  Use CS or SS for addressing. (Used to infect EXE files.
                BTW, you must set SS=CS)
Output parameters of the crypt routine:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DS:DX => Decryptor + encrypted code
        On return from DSME, DS:DX will point to the decryptor +
        encrypted code. This makes calling the INT 21h write
        function easier.
CX = Length of decryptor + encrypted code
        This makes calling the INT 21h write function easier, too.
Except for the registers mentioned above and AX, no other registers are changed.
About Stack:
^^^^^^^^^^^^
If your virus halts the system all the time and you can't find the
problem, maybe your stack is being overwritten by DSME.
I suggest you use your own stack in your virus source to avoid
the stack problem.
Final notes.
~~~~~~~~~~~~
First, I want to thank the Dark Avenger from Bulgaria for his
nice 'Mutation Engine' program. This fine program has been a
great source of inspiration for the DSME!
Second, I also want to thank Ruei-Chiang Huang for his article
in THE 3RD WAVE (Chinese Magazine) introducing the 'Mutation
Engine'. This article caused me to write DSME.
Check out the sources of DSME-GEN and DEMO to learn more about
the DSME and how it works.
Please remember that the author of the DSME and the Dark Slayer
virus production group are not responsible if you use the DSME in
an illegal or naughty way.
Good luck.
Dark Slayer